Virus. A program that recursively replicates a possibly evolved copy of itself.

Payload

Behaviour

Description

WormAutorun

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.

GET /Installer/Flow?pubid=3022&distid=3509&productid=1694&subpubid=0&campaignid=0&networkid=0&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:5C:94:64&netv=&d1=1&d2=-1&d3=-1&d4=-1&d5=-1&ds1=&hb=2&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&diskserial=-1465484763&version=4.1 HTTP/1.1

GET /Installer/Track?pubid=3022&distid=3509&productid=1694&subpubid=0&campaignid=0&networkid=0&reqid=120183858&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=00:0C:29:5C:94:64&netv=&d1=1&d2=-1&d3=-1&d4=-1&d5=-1&ds1=&hb=2&systembit=32&vm=1&machineguid=75ed9567-aa58-4c8e-a8ea-3cad7c47ab03&diskserial=-1465484763&status=0&installedid=1694&offerscreenid=&offerorder=6&downloadduration=26562&installduration=125 HTTP/1.1

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..O.....................P......'C............@..........................`................ ..........................................a...........................................................................................................text...D........................... .0`.data...............................@.0..rdata...#.......$..................@.0@.bss..................................0..idata..............................@.0..ndata...@..........................@.0..rsrc....a.......b..................@.0.................................................................................................................................................................................................................................................................................................................................................................................U..WVS.......U..E....t...F.........{B..H...H.......M..E..5H{B..D$...$....B..M..E.....SS...E...$.D$... .B..M..E......M.WW......M.)..M..NT....NP........E.....}...VT........FP..E........}..VP........U.......FT.............}..........E..M...$..|.B..E..R...D$..E..D$...$....B.....<$....B..E..Q.}.;}...Q....~X........F4..$....B...W..........$.E......E......D$.........B.RR.FX..$.D$.....B..5..B.QQ..$.|$...RR...E...$..|....D$. ....D$..D$......D$..{B.....B...|.......T$...$..QQ.<$....B.S.M..E..D$...$....B.PP1....D